Answered: [Security threat] tags are not sanitized in extra question field

Post date: 2020-07-01 00:44:51
Views: 305

Hey q2apro, I think you are testing the default q_view_extra($q_view) function.

The default function is still safe. But if you pull the content from the database, it's not safe.

First, look! The script is stored in database.

[screenshot: database]

Second, if you create a function to pull that content from the database:

public function q_item_extra($q_item)
{
    $postidz = $q_item['raw']['postid'];

    // Read the stored extra-field value straight from the postmetas table.
    // This is the raw string the user submitted, not the filtered version
    // that the default q_view_extra() works with.
    $extra = qa_db_read_one_value(qa_db_query_sub(
        'SELECT content FROM ^postmetas WHERE title="qa_q_extra" AND postid=#',
        $postidz
    ), true);

    //$extra = $q_item['extra']['content'];

    // Output the raw value with no escaping, so any HTML it contains is rendered.
    $this->output('My info:' . $extra);
}

Here's the result:

[screenshot: test]

I hope you'll get my point.
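A hardened version of the same layer method, as an added example rather than the poster's code: it reads the identical postmetas row but passes it through Q2A's qa_html() escaping helper before output. It assumes a standard Q2A theme layer class (qa_html_theme_layer extending qa_html_theme_base) and the 'qa_q_extra' postmetas title shown in the post.

```php
<?php
// Added example, not from the original post. Assumes the usual Q2A layer
// class and that the extra field is stored in postmetas under 'qa_q_extra'.
class qa_html_theme_layer extends qa_html_theme_base
{
    public function q_item_extra($q_item)
    {
        $postid = $q_item['raw']['postid'];

        // Raw value exactly as stored; it may contain any HTML or script the
        // user typed into the extra field.
        $extra = qa_db_read_one_value(qa_db_query_sub(
            'SELECT content FROM ^postmetas WHERE title="qa_q_extra" AND postid=#',
            $postid
        ), true);

        // Nothing stored for this post: emit nothing.
        if ($extra === null || $extra === '') {
            return;
        }

        // UNSAFE (what the post demonstrates): the stored string is emitted
        // verbatim, so a stored <script> tag runs in every visitor's browser.
        // $this->output('My info:' . $extra);

        // SAFE: qa_html() is Q2A's HTML-escaping wrapper around
        // htmlspecialchars(), so markup in $extra is rendered as literal text.
        $this->output('My info: ' . qa_html($extra));
    }
}
```

The same rule applies to any other value pulled directly from the database in a layer or plugin: escape it with qa_html() at the point of output unless it has already been through Q2A's own HTML filtering.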
